IETF Logo Mail Archive

Re: [tcpinc] TCP's treatment of data in SYN packets

Kyle Rose <krose@krose.org> Thu, 28 July 2016 22:31 UTC

Return-Path: <krose@krose.org>
X-Original-To: tcpinc@ietfa.amsl.com
Delivered-To: tcpinc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1004612D6AA for <tcpinc@ietfa.amsl.com>; Thu, 28 Jul 2016 15:31:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=krose.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GLZZAzzISSMR for <tcpinc@ietfa.amsl.com>; Thu, 28 Jul 2016 15:31:06 -0700 (PDT)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC4CD12D17B for <tcpinc@ietf.org>; Thu, 28 Jul 2016 15:31:05 -0700 (PDT)
Received: by mail-qk0-x235.google.com with SMTP id p74so76071230qka.0 for <tcpinc@ietf.org>; Thu, 28 Jul 2016 15:31:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=krose.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=o+7YXvZ9WBOUMvJ6JnmZJkHUULPMvQq5pkEF+bA4Ayk=; b=MSP2TH8w9f8l+om7f9RntshWZj3ZsmAzmSuMLgwPD8ydQY7vgnJNLO29cBRR5V3QLf L8Ctd2GS0Y19a41TRrFmEMpLzIyLt5vHhGiHGLe/ByWLmK97Wcu3dsZkT0xysks++T2/ ihfxNiu4sGczA/Zyfm4ZXVyqkPhx3Aqu9wynA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=o+7YXvZ9WBOUMvJ6JnmZJkHUULPMvQq5pkEF+bA4Ayk=; b=QUuSgx49i1mRD83YwfXObc55V2wH91gU3nTGPwotmsMfbQ4WO58gOzLIWu4SPevw+R tvMDfeAeM/u1h+JPbkZSfiof0/kPANdQOdMERLm/tGGTmCENRJDeRQjrcSlbwZQo/4+a 5eqrOBeo3T+tVr2tv2nLNiDxDDtJdXCizeGPP72MKD0B9mLjzsNYD46Ezwys6UPgkQ4g PoMx1dh1ajFFBPOya/iKf1wpS02zD8ksFby5Y6qNEc5TEESoyWUItqIqK7ZcVyrX1Sim +3C1AUNZR5tqIe2hOL1XGRlRwpzBvflfk6j73TVqkR0LJkxgfDZ352Xwpczcl3+sjZJ3 P+ug==
X-Gm-Message-State: AEkoous9Ctt0/FbFrJDEQfi2K/nOv8/yF09XIun7gfC5Sopr1UEjoZE8ZX00566BZpepMWUogIFTHyZRD6IIhQ==
X-Received: by 10.55.70.22 with SMTP id t22mr44594280qka.171.1469745064838; Thu, 28 Jul 2016 15:31:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.55.94.70 with HTTP; Thu, 28 Jul 2016 15:31:04 -0700 (PDT)
X-Originating-IP: [2001:4878:8000:50:8177:dae3:6e7d:d228]
In-Reply-To: <579A8223.8050308@isi.edu>
References: <CAJU8_nU1WzQNFFUn_2o1cACutB01iyQ_hC29PHoutr8TRDKGnA@mail.gmail.com> <579A4669.7030600@isi.edu> <87lh0lselg.fsf@ta.scs.stanford.edu> <CAJU8_nUPrm9JJMrrMbL5+FpP-9CKC6EkidCry9UuZA5ZfyJtoA@mail.gmail.com> <579A8223.8050308@isi.edu>
From: Kyle Rose <krose@krose.org>
Date: Thu, 28 Jul 2016 18:31:04 -0400
Message-ID: <CAJU8_nXSxr7ykC1TwptBmyP8pNccz52ozq=hF7-EYiaMdDeLBQ@mail.gmail.com>
To: Joe Touch <touch@isi.edu>
Content-Type: multipart/alternative; boundary="001a114ab99c80250f0538b9b0ae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpinc/jfngkecJuJBkYXt1HWNfK6xjqK0>
Cc: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>, tcpinc <tcpinc@ietf.org>, David Mazieres expires 2016-10-26 PDT <mazieres-p7v7bih3ykqpkxv5e74y9er6ts@temporary-address.scs.stanford.edu>
Subject: Re: [tcpinc] TCP's treatment of data in SYN packets
X-BeenThere: tcpinc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion list for adding encryption to TCP." <tcpinc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpinc/>
List-Post: <mailto:tcpinc@ietf.org>
List-Help: <mailto:tcpinc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpinc>, <mailto:tcpinc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2016 22:31:09 -0000

On Thu, Jul 28, 2016 at 6:07 PM, Joe Touch <touch@isi.edu> wrote:

> On 7/28/2016 3:01 PM, Kyle Rose wrote:
> > I still don't have a good feel for what folks like Joe are
> > recommending re: dealing with a B that doesn't understand ENO. If B is
> > suddenly not ENO-aware,
> Not suddenly. During the SYN exchange.
>

Sorry, by "suddenly" I mean that an IP that formerly negotiated ENO gets
swapped out for one that doesn't understand ENO: this could for example be
the result of a load balancer sending the request to a machine with an
older kernel.

Note that it must be the case that the stack in question doesn't understand
ENO, not just that it is now unwilling to negotiate ENO. If it knows about
ENO but just doesn't want to negotiate it, it knows enough to throw away
the SYN data.


> Or are you not dealing with legacy endpoints that don't speak ENO? The
> goal there is to fail gracefully - either fail to support ENO and
> proceed, kill the connection, etc. But you should never start delivering
> data to the application by accident - that's something you can't roll back.
>
> BTW, you DO need to deal with an endpoint that spoke ENO before but does
> not now (for two different connections). That could happen because of an
> OS revision or because the connection configured differently anyway.
>

Again, I would put the "machine understands but does not want to negotiate
ENO" case into the supportable category, because we can completely define
the behavior of endpoints that understand ENO. I'm worried about the
interoperability case with legacy kernels that don't even know what ENO is.

These two paragraphs do get to what I was asking. I agree we do need to
deal with them, but what is the space of reasonable solutions? When an
endpoint *could* deliver garbage to an application, as any legacy TCP stack
could according to the spec, we can never send encrypted data in the SYN if
we are unwilling to retain and/or assume some state about peers. I see four
main options:

(1) Don't ever send data in the SYN. This is easiest, but sacrifices ENO
support for SYN data forever for the sake of full interoperability with
legacy TCP stacks, even with hosts a user knows a priori support ENO. This
is not my preference.

(2) Retain knowledge of ENO support for an IP and assume it on resumption
attempts, throwing that state away if ENO is not negotiated. This case
means accepting that we'll have to retry the connection in cases when a
server supporting ENO and one knowing nothing about ENO share an IP.

(3) Require signaling from the server on a previous connection. This case
is a more explicit form of (2), and carries the same dangers, but puts the
configuration burden on the server administrator to assert that, yes, all
servers responding for this IP support ENO.

(4) Require signaling from the client application. This allows a client to
decide whether to support SYN data based on a priori knowledge of the
server's support for ENO.

Kyle

v2.37.1 | Report a Bug | By Email | System Status